CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45198
https://notcve.org/view.php?id=CVE-2024-45198
03 Apr 2025 — insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/ef11311ae0633cbd3d794f73c64e3877 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45199
https://notcve.org/view.php?id=CVE-2024-45199
03 Apr 2025 — insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. ... This can further lead to remote code execution. • https://gist.github.com/azraelxuemo/d019ad079d540ef28870dbd9552a7c62 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29064
https://notcve.org/view.php?id=CVE-2025-29064
03 Apr 2025 — An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. • https://github.com/kn0sky/cve/blob/main/TOTOLINK%20X18/OS%20Command%20Injection%20setLanguageCfg_lang.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 16%CPEs: 1EXPL: 0CVE-2025-30406 – Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability
https://notcve.org/view.php?id=CVE-2025-30406
03 Apr 2025 — This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. ... Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution. • https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31477 – Improper Scope Validation in the open Endpoint of tauri-plugin-shell
https://notcve.org/view.php?id=CVE-2025-31477
02 Apr 2025 — Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. ... By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 164EXPL: 0CVE-2025-20203
https://notcve.org/view.php?id=CVE-2025-20203
02 Apr 2025 — An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 162EXPL: 0CVE-2025-20120
https://notcve.org/view.php?id=CVE-2025-20120
02 Apr 2025 — An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31722
https://notcve.org/view.php?id=CVE-2025-31722
02 Apr 2025 — In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39780 – Use of unsafe yaml load in dynparam
https://notcve.org/view.php?id=CVE-2024-39780
02 Apr 2025 — The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. • https://github.com/ros/dynamic_reconfigure/pull/202 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •